vop.exe

Setup

DEY YAZILIM İNTERNET HIZMETLERI SAN.VE. TIC. LTD. STI.

The application vop.exe by DEY YAZILIM İNTERNET HIZMETLERI SAN.VE. TIC. LTD. STI. has been detected as a potentially unwanted program by 19 anti-malware scanners. It is a self-extracting archive and installer that has been known to bundle potentially unwanted software. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from ultrafastdownloads.com.
Publisher:
Tchibo (signed by DEY YAZILIM İNTERNET HIZMETLERI SAN.VE. TIC. LTD. STI.)

Product:
Setup

Description:
Tchibo Setup

Version:
5.0.0.0

MD5:
6f1b82ac57b3d71415958bd546b9f6b8

SHA-1:
e21679e3258ace1244d4225f31ac3032744f9ea5

SHA-256:
11c320df8f63e878c879d7aa0df969d6e3c1c1acf7818f1df416d7855124897a

Scanner detections:
19 / 68

Status:
Potentially unwanted

Analysis date:
1/12/2025 5:21:17 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AegisLab AV Signature | Troj.Dropper.W32.Injector | 2.1.4+ |
| Agnitum Outpost | PUA.Joedown | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Joedown | 2016.02.22 |
| Avira AntiVirus | ADWARE/Joedown.476896.13 | 8.3.3.2 |
| avast! | Win32:GenMaliciousA-QMY [Adw] | 2014.9-160708 |
| AVG | Downloader | 2017.0.2689 |
| Bkav FE | W32.HfsAdware | 1.3.0.7400 |
| Comodo Security | Application.MSIL.Joedown.A | 24295 |
| Dr.Web | Trojan.KillFiles.18730 | 9.0.1.0190 |
| ESET NOD32 | MSIL/Adware.Joedown (variant) | 10.13066 |
| Fortinet FortiGate | Adware/Joedown | 7/8/2016 |
| G Data | Win32.Application.Agent.3TZOL4 | 16.7.25 |
| IKARUS anti.virus | AdWare.MSIL.Joedown | t3scan.2.0.7.0 |
| K7 AntiVirus | Unwanted-Program | 13.213.18814 |
| Kaspersky | Trojan.Win32.StartPage | 14.0.0.-61 |
| McAfee | Artemis!6F1B82AC57B3 | 5600.6345 |
| Sophos | Generic PUA OC (PUA) | 4.98 |
| Trend Micro | TROJ_GEN.R021C0OA316 | 10.465.08 |
| VIPRE Antivirus | Trojan.Win32.Generic | 47388 |

File size:
465.7 KB (476,896 bytes)

Product version:
5.0.0.0

Copyright:
Tchibo

Trademarks:
Tchibo

Original file name:
Tchibo.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\vop.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
3/23/2015 4:00:00 AM

Valid to:
3/23/2016 3:59:59 AM

Subject:
CN=DEY YAZILIM İNTERNET HIZMETLERI SAN.VE. TIC. LTD. STI., OU=Software, O=DEY YAZILIM İNTERNET HIZMETLERI SAN.VE. TIC. LTD. STI., STREET=KULOGLU MAH.ALYON GECIDI SOK., STREET=no 2 d 2 beyoğlu, L=istanbul, S=istanbul, PostalCode=34433, C=TR

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
74CFE735D4A9C333262E54F219961F8F

File PE Metadata
Compilation timestamp:
4/23/2015 7:20:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:PMGsgL7GZOsLa30hTbeS/J1s0ldUmx/bLbYnwch3SoBYUQs:P/nGZY09KS/J1sGdUmx/bwnwccLs

Entry address:
0x636AE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
390 KB (399,360 bytes)

The file vop.exe has been seen being distributed by the following URL.
